WSE and X509 trouble
From: andrea (a.canade_at_retis.it)
Date: 10/15/04
- Next message: Softwaremaker: "Re: how can i convert .asmx file to a .ashx?"
- Previous message: Martin Kulov: "Re: config file"
- Next in thread: Julie Lerman: "Re: WSE and X509 trouble"
- Reply: Julie Lerman: "Re: WSE and X509 trouble"
- Messages sorted by: [ date ] [ thread ]
Date: 15 Oct 2004 01:44:31 -0700
Hi all
i've some question about security with x509 that are not clear to me
:(
are these steps correct to make a security soap based test
application?
terminology:
client is a console application that send signed soap request and
receive signed soap response or faults...
server is a web service using policy files to add security requirement
to the project.
SERVER
1) i create a webservice (stupid: only a string Repeat(string word)
web-method)
i configure the solution with WSE, particularry i set on security tab
LocalMachine as store location
and policy files with a default endpoint...
at this point the wizard start... i chose to make a secure server
i check use signed request
i check use signed response then next...
i choose X509 certificate
now wizard tell me to choose the certificate to use for client
authentication?'
what does this mean ??
is the certificate inserted on the soap request by client?... i mean
so..
i insert anything and choose next and complete the wizard
now i build and my service is up !!
CLIENT
2) soap communication with digiatal certificate mean that the client
buy a certifcate from (i said one) "verisign" for example...
it is correct?
the client put the certificate in his Store CurrentUser store
but what is the location? Trusted? People?
2)
I create a client application
i add a proxy created with wsdl.exe
i change the base class of the proxy to make it work with WSE
i enable WSE for my application
NOW must i Add the policy file created on server side?
or must i create a new policy file for client security??
i've created a new policy file
but the wizard
- tell me to add a certificate site in the current-user personal store
(but the certificate must not be inserted into the Thrusted store? )
- tell me to choose another certificate to authenticate the service
what does this mean? i've only one certificate
thank you for patience
andrea
- Next message: Softwaremaker: "Re: how can i convert .asmx file to a .ashx?"
- Previous message: Martin Kulov: "Re: config file"
- Next in thread: Julie Lerman: "Re: WSE and X509 trouble"
- Reply: Julie Lerman: "Re: WSE and X509 trouble"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
